[Python-Dev] Improved evaluator added to ast module

Daniel Holth dholth at gmail.com
Thu Oct 11 18:55:16 CEST 2012


On Thu, Oct 11, 2012 at 12:34 PM, Benjamin Peterson <benjamin at python.org> wrote:

> 2012/10/11 Vinay Sajip <vinaysajip at yahoo.co.uk>:
>> In response to http://bugs.python.org/issue15452, I've created an improved
>> evaluator in the ast module in my sandbox repo. The evaluator supports
>> lookup of names in a supplied namespace. The basic interface is
>>
>>     def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False):
>>         # perform limited evaluation of Python expressions
>>
>> Function calls are not allowed in expressions, but the following are:
>>
>> * Names (looked up in namespace, and imported if not found there and
>>   allow_imports is True)
>> * Literals, just as literal_eval() does
>> * Array indexing and slicing
>> * Attribute access
>> * Arithmetic operators
>> * Bitwise operators
>> * Comparison operators
>> * in / not in
>> * and / or
>> * Unary operators
>
> With these operations, you can still cause a lot of trouble.
>
>> The patch is attached to the issue, and includes changes to replace the
>> use of eval() by logging.config.fileConfig() to use ast.lookup_eval(). I
>> would welcome review of the patch, particularly as there may be security
>> implications (the issue is titled "Improve the security model for logging
>> listener").
>
> What exactly are you trying to prevent?

How does this compare to the markerlib approach? In markerlib you just make sure all the AST nodes are in a set of allowed nodes, currently (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop), and then use the normal eval(). Is one way more secure / fast / flexible than the other?

(https://bitbucket.org/dholth/markerlib/src/tip/markerlib/markers.py)

Thanks,

Daniel H
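As an added illustration of the markerlib-style approach raised above (example code written for this page, not markerlib's own or the ast-module patch), the snippet below walks the expression's AST with `ast.walk`, rejects any node outside a whitelist, and only then hands the tree to the normal `eval()` with an empty `__builtins__`. The whitelist and the extra rule against underscore-prefixed attributes are my own choices (Python 3.9+ node names assumed); note that plain attribute access remains allowed, which is exactly the "still cause a lot of trouble" point Benjamin makes.

```python
import ast

# Constructed whitelist of node types a restricted expression may contain.
# Covers the operations Vinay lists: names, literals, indexing/slicing,
# attribute access, arithmetic/bitwise/comparison/boolean/unary operators.
ALLOWED_NODES = (
    ast.Expression, ast.BoolOp, ast.BinOp, ast.UnaryOp, ast.Compare,
    ast.Name, ast.Load, ast.Constant, ast.Attribute,
    ast.Subscript, ast.Slice, ast.Tuple, ast.List,
    ast.And, ast.Or, ast.Not, ast.UAdd, ast.USub, ast.Invert,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.BitAnd, ast.BitOr, ast.BitXor, ast.LShift, ast.RShift,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.In, ast.NotIn,
)


def check_expression(source):
    """Parse source as an expression and reject any node not on the whitelist.

    Returns the parsed ast.Expression; raises ValueError on a disallowed node.
    ast.Call is deliberately absent, so no function call survives the check.
    """
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError("disallowed node: %s" % type(node).__name__)
        # Attribute access is allowed, but underscore-prefixed attributes are
        # the usual route to object internals; block them (my own extra rule).
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError("private attribute access: %s" % node.attr)
    return tree


def restricted_eval(source, namespace):
    """Whitelist-check source, then evaluate it with the normal eval().

    Names resolve only against `namespace`; builtins are emptied so that even
    an allowed Name node cannot reach helpers like open or __import__.
    """
    tree = check_expression(source)
    safe_ns = {"__builtins__": {}}
    safe_ns.update(namespace)
    return eval(compile(tree, "<restricted>", "eval"), safe_ns)


def is_allowed(source):
    """True if source passes the whitelist check, False otherwise."""
    try:
        check_expression(source)
        return True
    except (ValueError, SyntaxError):
        return False
```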


